[Date Prev][Date Next]
RE: (ITS#4756) IPv6 Addresses are not supported in ACL peername
Given that the code (in aclparse.c) calls inet_addr() with the
peername.ip parameter, I can't see how it could will work with IPv6.
The only possible workaround is using a regex instead of ip type which
by passes the inet_addr() call.
I raised it as a bug since the latest version (as far as I can tell) is
meant to support IPv6 and there is no way that peername.ip does and
there isn't an alternative.
I asked the question regarding other ways to restrict access since I
noted that the documentation mentions TCP Wrappers and has a see also of
host_options(5) -- which does not exist, so I was hoping that some
advice might come while someone looked at the problem (if or when it was
deemed important enough).
tel: +61 3 9727 8920
fax: +61 3 9727 3491
mobile: +61 419 922 326
From: Howard Chu [mailto:firstname.lastname@example.org]
Sent: Friday, 17 November 2006 4:59 PM
To: Groenveld, Damon
Subject: Re: (ITS#4756) IPv6 Addresses are not supported in ACL peername
> Full_Name: Damon Groenveld
> Version: LATEST
> OS: Solaris, WinXP, Linux, AIX, HP-UX
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (188.8.131.52)
> There does not seem to be the ability to specify an IPv6 address in
> part of the ACL.
> Is there any other way to restrict access to a host IP address when
> IPv6 addresses?
Software usage questions should be directed to the OpenLDAP-software
mailing list. There is no indication of a bug here, most likely this
report should be closed.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/